External Tests Share the Same Failure Mode
Teams find issues fast but reconstruct the narrative slowly — which host, which finding, which screenshot. A repeatable external penetration test checklist keeps scope tight and reporting honest.
Recon and Attack Surface
- Confirm in-scope domains, IPs, and ASNs with the client
- Passive OSINT: employees, breaches, tech stack, cloud buckets
- Subdomain enumeration and live host discovery
- Tiered port scan: top ports first, then a full scan on high-value hosts
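One way to enforce the scope confirmed in the first item before any active testing, shown as an added example that is not HackFast code. It covers domains and IP ranges only (not ASNs), and the scope values, the carve-out, and the discovered-host list are constructed from documentation-reserved domains and address ranges.

```python
import ipaddress

# Constructed scope: documentation-reserved domains and address ranges.
SCOPE_DOMAINS = {"example.com", "corp.example.net"}
SCOPE_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.16/28")]
# Hypothetical client carve-out inside an otherwise agreed range.
EXCLUDED_NETS = [ipaddress.ip_network("203.0.113.128/25")]


def domain_in_scope(hostname):
    """Match on whole DNS labels so 'notexample.com' never passes for 'example.com'."""
    labels = hostname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in SCOPE_DOMAINS for i in range(len(labels)))


def ip_in_scope(addr):
    """An address is in scope only if it is in an agreed range and not carved out."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in EXCLUDED_NETS):
        return False
    return any(ip in net for net in SCOPE_NETS)


def classify(hostname, resolved_ips):
    """Return (status, reason) for a discovered host before any active testing."""
    if not domain_in_scope(hostname):
        return ("out", "name is not under an agreed domain")
    if not resolved_ips:
        return ("review", "no address resolved")
    outside = [a for a in resolved_ips if not ip_in_scope(a)]
    if outside:
        # In-scope name on third-party or excluded space: ask the client first.
        return ("review", "resolves outside agreed ranges: " + ", ".join(outside))
    return ("in", "name and all addresses are within scope")


# Constructed discovery output: (hostname, resolved addresses).
DISCOVERED = [
    ("www.example.com", ["203.0.113.10"]),
    ("shop.example.com", ["192.0.2.44"]),
    ("vpn.corp.example.net", ["203.0.113.200"]),
    ("notexample.com", ["203.0.113.10"]),
    ("old.example.com", []),
]

if __name__ == "__main__":
    for host, ips in DISCOVERED:
        status, reason = classify(host, ips)
        print(f"{status:6} {host:24} {reason}")
```

Hosts marked `review` are the ones worth recording in the scope confirmation with the client, since an agreed name can resolve to infrastructure the client does not own.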
Application and Identity Testing
- Web app testing on all live HTTP services (OWASP-aligned)
- Authentication: password policy, MFA bypass paths, session handling
- Email: SPF/DKIM/DMARC, phishing surface, exposed mail gateways
- VPN and remote access: credential spray limits, split tunnel leaks
Evidence and Delivery
Capture commands, outputs, and screenshots as you go. HackFast links hosts, credentials, and findings to Report Builder so the external pentest report grows during the engagement — not after it ends.
Run your next external test: Start a HackFast project.